CVE-2020-19664:Remote Command Execution Vulnerability in DrayTek Vigor2960 1.5.1

splash
Back

Description Preview

A remote command execution vulnerability exists in DrayTek Vigor2960 version 1.5.1. This vulnerability allows an attacker to execute arbitrary commands on the affected system by injecting shell metacharacters in the toLogin2FA action to the mainfunction.cgi endpoint. This is classified as a CWE-78 (OS Command Injection) vulnerability, which could lead to complete system compromise.

Overview

The vulnerability affects DrayTek Vigor2960 firmware version 1.5.1, as well as Vigor3900 and Vigor300B models as indicated in the vendor's security advisory. The issue stems from improper validation of user input in the toLogin2FA action parameter of the mainfunction.cgi script. An attacker can exploit this vulnerability by sending specially crafted HTTP requests containing shell metacharacters to execute arbitrary commands on the affected device with the privileges of the web server process. This could potentially lead to unauthorized access, information disclosure, and complete compromise of the affected system.

Remediation

To address this vulnerability, users should:

  1. Update to the latest firmware version provided by DrayTek for their specific model.
  2. According to the DrayTek security advisory, firmware updates are available to patch this vulnerability.
  3. Implement network segmentation to restrict access to the management interface of affected devices.
  4. Monitor for suspicious activities that might indicate exploitation attempts.
  5. Consider implementing additional security controls such as IP filtering to limit access to the device's management interface.
  6. Ensure that the device is not directly accessible from the internet.

References

  1. DrayTek Security Advisory: https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/
  2. Exploit details and proof of concept: https://github.com/minghangshen/bug_poc
  3. Third-party security analysis: https://nosec.org/home/detail/4631.html
  4. CWE-78: OS Command Injection: https://cwe.mitre.org/data/definitions/78.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  5. Construction
    Construction
  6. Educational Services
    Educational Services
  7. Finance and Insurance
    Finance and Insurance
  8. Health Care & Social Assistance
    Health Care & Social Assistance
  9. Information
    Information
  10. Management of Companies & Enterprises
    Management of Companies & Enterprises
  11. Manufacturing
    Manufacturing
  12. Mining
    Mining
  13. Other Services (except Public Administration)
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  15. Public Administration
    Public Administration
  16. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  17. Retail Trade
    Retail Trade
  18. Transportation & Warehousing
    Transportation & Warehousing
  19. Utilities
    Utilities
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background